...
All sessions are stored on the Ceptor Session Controller and accessed via the API in the Ceptor Agent - the Agent is also responsible for caching content, and participates in a kind distributed shared cache.
Any changes to a session are always done solely by the Ceptor Session Controller - but changes are requested by many other modules via the Ceptor Agent API.
Creating a session from a token/ticket/attribute can involve authenticating the client - e.g. if a session is created from an API Key or an SSL Client Certificate, the creation of the session involves validating and authenticating the client.
Ceptor provices out-of-the-box support for the following Session Resolvers:
...